Zoom and GitLab have launched safety updates to resolve a variety of safety vulnerabilities that might lead to denial-of-service (DoS) and distant code execution.
Essentially the most extreme of the lot is a important safety flaw impacting Zoom Node Multimedia Routers (MMRs) that might allow a gathering participant to conduct distant code execution assaults. The vulnerability, tracked as CVE-2026-22844 and found internally by its Offensive Safety staff, carries a CVSS rating of 9.9 out of 10.0.
“A command injection vulnerability in Zoom Node Multimedia Routers (MMRs) earlier than model 5.2.1716.0 could permit a gathering participant to conduct distant code execution of the MMR through community entry,” the corporate famous in a Tuesday alert.
Zoom is recommending that clients utilizing Zoom Node Conferences, Hybrid, or Assembly Connector deployments replace to the most recent out there MMR model to safeguard in opposition to any potential risk.
There isn’t any proof that the safety flaw has been exploited within the wild. The vulnerability impacts the next variations –
- Zoom Node Conferences Hybrid (ZMH) MMR module variations prior to five.2.1716.0
- Zoom Node Assembly Connector (MC) MMR module variations prior to five.2.1716.0
GitLab Releases Patches for Extreme Flaws
The disclosure comes as GitLab launched fixes for a number of high-severity flaws affecting its Group Version (CE) and Enterprise Version (EE) that might lead to DoS and a bypass of two-factor authentication (2FA) protections. The shortcomings are listed under –
- CVE-2025-13927 (CVSS rating: 7.5) – A vulnerability that might permit an unauthenticated consumer to create a DoS situation by sending crafted requests with malformed authentication information (Impacts all variations from 11.9 earlier than 18.6.4, 18.7 earlier than 18.7.2, and 18.8 earlier than 18.8.2)
- CVE-2025-13928 (CVSS rating: 7.5) – An incorrect authorization vulnerability within the Releases API that might permit an unauthenticated consumer to trigger a DoS situation (Impacts all variations from 17.7 earlier than 18.6.4, 18.7 earlier than 18.7.2, and 18.8 earlier than 18.8.2)
- CVE-2026-0723 (CVSS rating: 7.4) – A vulnerability that might permit a person with present information of a sufferer’s credential ID to bypass 2FA by submitting solid gadget responses (Impacts all variations from 18.6 earlier than 18.6.4, 18.7 earlier than 18.7.2, and 18.8 earlier than 18.8.2 )
Additionally remediated by GitLab are two different medium-severity bugs that might additionally set off a DoS situation (CVE-2025-13335, CVSS rating: 6.5, and CVE-2026-1102, CVSS rating: 5.3) by configuring malformed Wiki paperwork that bypass cycle detection and sending repeated malformed SSH authentication requests, respectively.
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the most recent breakthroughs, get unique updates, and join with a worldwide community of future-focused thinkers.
Unlock tomorrow’s tendencies at the moment: learn extra, subscribe to our publication, and develop into a part of the NextTech group at NextTech-news.com
